Solved

I am working on a Juniper-NS5GT  firewall and I need to port foward 3389 to a client machine

Posted on 2009-05-19
8
660 Views
Last Modified: 2013-11-16
I have a third party app company who is going to need to get into a machine
To make it easier for you guys  here is the IP of the router 192.168.7.1
here is the IP address of the client Machine 192.168.7.56
Please advise on this thank you and I ask for no KB articles just simple answers as I am under the GUN to get this done
0
Comment
Question by:explorer648
  • 6
  • 2
8 Comments
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425484
Try this:

Go to Objects ->Services -> Custom
Create a new service for TCP port 3389

Create a policy from Untrust to Trust
Source Address - Any or if you know the IP of your partner
Destination Address - 192.168.7.56
Service - Custom Service
Action - Permit
Check logging and at session beginning (Optional)

I think that should do it
0
 

Author Comment

by:explorer648
ID: 24425688
Umm tried it and after i did it it does not work?
here is the screen shots



policy-page.bmp
PORT.bmp
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24425978
My bad, i was wrong on the destination setup.

Create a Address list called VIP TS
Assign your public IP

In Network -> Interfaces
Edit your public interface

Goto VIP properties
Create new VIP service
Assign port 3389 to 192.168.7.56

Now set your destination address in your policy as VIP TS
0
Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

 
LVL 6

Expert Comment

by:drewha1969
ID: 24425997
PS  Setup your VIP TS as a Global address
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24426866
As a side note, this should work, as we have it done this way to pass port 80 to our webserver, however I am definitely not a security guru and am not sure of all the ramifications of opening up a desktop to the internet on that port.  As far as i know, if the machine has strong passwords, it should be safe, but again, I am no guru.

To clarify and make sure I have given you the correct information, it sounds like you do not have a VPN setup between your 2 networks and you are trying to connect over the internet.  If so, setting up the destination as I have described above should work.
0
 
LVL 6

Expert Comment

by:drewha1969
ID: 24431253
I feel I may have been rushing through the VIP part and left out some details so:

Network -> Interfaces
Edit Public Interface (Usually Ethernet 3)
VIP
If no previous entries, follow the next step, else skip to New VIP Service
Add/Modify VIP entry -> select "Same as the untrusted interface IP address" -> Add

New VIP Service
Virtual IP -> Public IP
Virtual Port -> 3389
Map to Service -> Custom service (TS) 3389
Map to IP -> 192.168.7.56
Check Server Autodetection

0
 
LVL 6

Accepted Solution

by:
drewha1969 earned 500 total points
ID: 24431285
Sorry again, set the netmask as 32 for your global address.
VIP TS = PublicIP/32
0
 

Author Comment

by:explorer648
ID: 24606965
I have not had a chance to try this new solution yet I will try it and see where it takes me
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question